1331 matches found
EUVD-2026-41736
A vulnerability was determined in AD-Security ADMiner 1.9.0. Affected is the function requesta of the file adminer/scripts/analysecache.py of the component Cache Handler. This manipulation of the argument sys.argv1 causes deserialization. The attack can only be executed locally. The pull request ...
Flowise CSV Agent Prompt Injection RCE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper...
PYSEC-2026-477 PraisonAI has critical RCE via `type: job` workflow YAML
praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: β shell command execution via subprocess.run - script: β inline Python execution via exec - python: β arbitrary Python script execution A malicious YAML...
PYSEC-2026-488 PraisonAI has critical RCE via `type: job` workflow YAML
praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: β shell command execution via subprocess.run - script: β inline Python execution via exec - python: β arbitrary Python script execution A malicious YAML...
SQLi.py
No d...
Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U
SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script...
injection_exploit
Injection Exploit SQLi 6 engines + SSTI 11 engines β GET/...
CVE-2026-41265
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...
DMonitor 1.0.3 Outbound Connection / Port Configuration Auditor
This Python script is an outbound connection and port configuration auditor for DMonitor version 1.0.3...
MAL-2026-3761 Malicious code in ethers-signing-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses childprocess.exec to curl/wget an unpinned Python script from a personal user's...
Malicious code in ethers-signing-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses childprocess.exec to curl/wget an unpinned Python script from a personal user's...
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence AI system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and...
Apache mod_http2 Double-Free Detector
This is a python script that assist with detecting whether or not a server is vulnerable to the Apache modhttp2 double-free vulnerability...
ex-kernel
EXPLOIT KERNEL LINUX Installation gu...
exploit-db-skill
Exploit-DB Skill Cross-Platform Small cross-platform helper...
Windows Persistence via UserInitMprLogonScript Registry Key
This Python script demonstrates a Windows persistence technique based on modifying the HKCU\Environment\UserInitMprLogonScript registry value, which allows execution of a program each time the user logs in...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
-CVE-201...
π OpenClaw 2026.3.13 MEDIA Protocol File Disclosure
This Python script is a security exploitation tool targeting the OpenClaw system integrated with Discord. It attempts to exfiltrate sensitive files from a victim environment by abusing a MEDIA: prompt injection mechanism...
CVE-2026-41264
Flowise CVE-2026-41264 affects the Flowise CSV Agent node. The flaw is in the run method of the CSV_Agents class, where an LLM-generated Python script is evaluated without proper sandboxing, enabling prompt-injection to cause execution of attacker-controlled commands on the Flowise server. This a...
CVE-2026-41265
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...